sudo -i ? 04.04.2014 14:31 полÑзоваÑÐµÐ»Ñ "Craig R. Skinner" <skin...@britvault.co.uk> напиÑал:
> Hi, > > When sudo'ing to another user, how can I obtain all of their environment > settings as they receive when logging in themselves? > > When I use sudo in this manner, settings such as $PATH, $MAIL & umask > aren't being honoured: > > > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > craig > > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u sr/site/sbin:/home/craig/bin > /var/mail/craig > 027 > > > > Here, $PATH, $MAIL & umask are unchanged: > > $ sudo -H -i -u david > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > david > > /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin:/usr/site/bin:/u sr/site/sbin:/home/craig/bin > /var/mail/craig > 027 > > > Compare the difference when logging in as that user: > > $ login david > ... > $ echo $LOGNAME; echo $PATH; echo $MAIL; umask > david > /usr/bin:/bin:/usr/local/bin:/usr/site/bin:/home/david/bin > /var/mail/david > 022 > > > > > /etc/login.conf: > default:\ > :passwordcheck=/usr/local/bin/pwqcheck -1:\ > :passwordtries=0:\ > :path=/usr/bin /bin /usr/local/bin /usr/site/bin ~/bin:\ > :umask=022:\ > :datasize-cur=.... > > staff:\ > :path=/usr/bin /bin /usr/sbin /sbin /usr/local/bin /usr/local/sbin > /usr/site/bin /usr/site/sbin ~/bin:\ > :umask=027:\ > :datasize-cur=.... > > > $ egrep 'env_|Defaults' /etc/sudoers | grep -v ^# > Defaults env_keep +="DESTDIR DISTDIR EDITOR FETCH_CMD FLAVOR FTPMODE GROUP > MAKE" > Defaults env_keep +="MAKECONF MULTI_PACKAGES NOMAN OKAY_FILES OWNER > PKG_CACHE" > Defaults env_keep +="PKG_DBDIR PKG_DESTDIR PKG_PATH PKG_TMPDIR PORTSDIR" > Defaults env_keep +="RELEASEDIR SHARED_ONLY SSH_AUTH_SOCK SUBPACKAGE > VISUAL" > Defaults env_keep +="WRKOBJDIR" > Defaults always_set_home, ignore_dot, use_loginclass > > > > login(1): > > login enters information into the environment (see environ(7)) > specifying > the user's home directory (HOME), command interpreter (SHELL), search > path (PATH), terminal type (TERM), and user name (both LOGNAME and > USER). > > ENVIRONMENT > login sets the following environment variables: > > HOME > MAIL > > sudo(8): > > Command Environment > ...................... On BSD systems, if the use_loginclass option > is > enabled, the environment is initialized based on the path and setenv > settings in /etc/login.conf. The new environment contains the TERM, > PATH, HOME, MAIL, SHELL, LOGNAME, USER, USERNAME and SUDO_* variables > in > addition to variables from the invoking process permitted by the > env_check and env_keep options. This is effectively a whitelist for > environment variables. > > > > How can I become another user - without knowing their password, > and gain their 'natural' environment? > > e.g. from wheel group to a users group member. > > 'su -l username' & 'login username' require their password. > > I thought 'sudo -H -i -u username' would do it. > > Any suggestions on what else I need to configure?
